Pino Toscano
2016-Sep-30 09:30 UTC
[Libguestfs] [PATCH 0/4] Consolidate Checksums as common code
Hi, this small series moves the OCaml Checksums module from virt-builder to mllib, adding more features to use it also for v2v. Thanks, Pino Toscano (4): mllib: move Checksums from builder mllib, builder: add and use Checksums.of_string mllib: add SHA1 support in Checksums v2v: -i ova: use Checksums builder/Makefile.am | 2 -- builder/builder.ml | 6 +++- builder/checksums.ml | 57 ----------------------------------- builder/checksums.mli | 33 -------------------- builder/simplestreams_parser.ml | 8 +++-- mllib/Makefile.am | 4 ++- mllib/checksums.ml | 67 +++++++++++++++++++++++++++++++++++++++++ mllib/checksums.mli | 42 ++++++++++++++++++++++++++ v2v/input_ova.ml | 17 +++-------- 9 files changed, 128 insertions(+), 108 deletions(-) delete mode 100644 builder/checksums.ml delete mode 100644 builder/checksums.mli create mode 100644 mllib/checksums.ml create mode 100644 mllib/checksums.mli -- 2.7.4
Pino Toscano
2016-Sep-30 09:30 UTC
[Libguestfs] [PATCH 1/4] mllib: move Checksums from builder
Move the Checksums module from virt-builder mostly as it is; the only
change is that on checksum mismatch an exception is raised rather than
invoking "error" directly: this way users of verify_checksum &
verify_checksums can do their own handling of the situation.
---
builder/Makefile.am | 2 --
builder/builder.ml | 6 +++++-
builder/checksums.ml | 57 ---------------------------------------------------
builder/checksums.mli | 33 -----------------------------
mllib/Makefile.am | 4 +++-
mllib/checksums.ml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++
mllib/checksums.mli | 35 +++++++++++++++++++++++++++++++
7 files changed, 99 insertions(+), 94 deletions(-)
delete mode 100644 builder/checksums.ml
delete mode 100644 builder/checksums.mli
create mode 100644 mllib/checksums.ml
create mode 100644 mllib/checksums.mli
diff --git a/builder/Makefile.am b/builder/Makefile.am
index 7983223..5977d8b 100644
--- a/builder/Makefile.am
+++ b/builder/Makefile.am
@@ -44,7 +44,6 @@ SOURCES_MLI = \
cache.mli \
cmdline.mli \
downloader.mli \
- checksums.mli \
index.mli \
index_parser.mli \
ini_reader.mli \
@@ -61,7 +60,6 @@ SOURCES_ML = \
utils.ml \
pxzcat.ml \
setlocale.ml \
- checksums.ml \
index.ml \
ini_reader.ml \
yajl.ml \
diff --git a/builder/builder.ml b/builder/builder.ml
index fdbe659..799208a 100644
--- a/builder/builder.ml
+++ b/builder/builder.ml
@@ -307,7 +307,11 @@ let main () match entry with
(* New-style: Using a checksum. *)
| { Index.checksums = Some csums } ->
- Checksums.verify_checksums csums template
+ (try Checksums.verify_checksums csums template
+ with Checksums.Mismatched_checksum (csum, csum_actual) ->
+ error (f_"%s checksum of template did not match the expected
checksum!\n found checksum: %s\n expected checksum: %s\nTry:\n - Use the
'-v' option and look for earlier error messages.\n - Delete the cache:
virt-builder --delete-cache\n - Check no one has tampered with the website or
your network!")
+ (Checksums.string_of_csum_t csum) csum_actual
(Checksums.string_of_csum csum)
+ )
| { Index.checksums = None } ->
(* Old-style: detached signature. *)
diff --git a/builder/checksums.ml b/builder/checksums.ml
deleted file mode 100644
index c8cdc98..0000000
--- a/builder/checksums.ml
+++ /dev/null
@@ -1,57 +0,0 @@
-(* virt-builder
- * Copyright (C) 2015 Red Hat Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *)
-
-open Common_gettext.Gettext
-open Common_utils
-
-open Utils
-
-open Printf
-
-type csum_t -| SHA256 of string
-| SHA512 of string
-
-let string_of_csum_t = function
- | SHA256 _ -> "sha256"
- | SHA512 _ -> "sha512"
-
-let string_of_csum = function
- | SHA256 c -> c
- | SHA512 c -> c
-
-let verify_checksum csum filename - let prog, csum_ref - match csum with
- | SHA256 c -> "sha256sum", c
- | SHA512 c -> "sha512sum", c
- in
-
- let cmd = sprintf "%s %s" prog (quote filename) in
- let lines = external_command cmd in
- match lines with
- | [] ->
- error (f_"%s did not return any output") prog
- | line :: _ ->
- let csum_actual = fst (String.split " " line) in
- if csum_ref <> csum_actual then
- error (f_"%s checksum of template did not match the expected
checksum!\n found checksum: %s\n expected checksum: %s\nTry:\n - Use the
'-v' option and look for earlier error messages.\n - Delete the cache:
virt-builder --delete-cache\n - Check no one has tampered with the website or
your network!")
- (string_of_csum_t csum) csum_actual csum_ref
-
-let verify_checksums checksums filename - List.iter (fun c ->
verify_checksum c filename) checksums
diff --git a/builder/checksums.mli b/builder/checksums.mli
deleted file mode 100644
index ef26634..0000000
--- a/builder/checksums.mli
+++ /dev/null
@@ -1,33 +0,0 @@
-(* virt-builder
- * Copyright (C) 2015 Red Hat Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- *)
-
-type csum_t -| SHA256 of string
-| SHA512 of string
-
-val verify_checksum : csum_t -> string -> unit
-(** Verify the checksum of the file. *)
-
-val verify_checksums : csum_t list -> string -> unit
-(** Verify all the checksums of the file. *)
-
-val string_of_csum_t : csum_t -> string
-(** Return a string representation of the checksum type. *)
-
-val string_of_csum : csum_t -> string
-(** Return a string representation of the checksum value. *)
diff --git a/mllib/Makefile.am b/mllib/Makefile.am
index 489529a..f100b2f 100644
--- a/mllib/Makefile.am
+++ b/mllib/Makefile.am
@@ -27,6 +27,7 @@ EXTRA_DIST = \
test-getopt.sh
SOURCES_MLI = \
+ checksums.mli \
common_utils.mli \
curl.mli \
dev_t.mli \
@@ -60,7 +61,8 @@ SOURCES_ML = \
StatVFS.ml \
JSON.ml \
curl.ml \
- exit.ml
+ exit.ml \
+ checksums.ml
SOURCES_C = \
../fish/decrypt.c \
diff --git a/mllib/checksums.ml b/mllib/checksums.ml
new file mode 100644
index 0000000..918a1c2
--- /dev/null
+++ b/mllib/checksums.ml
@@ -0,0 +1,56 @@
+(* virt-builder
+ * Copyright (C) 2015 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+open Common_gettext.Gettext
+open Common_utils
+
+open Printf
+
+type csum_t +| SHA256 of string
+| SHA512 of string
+
+exception Mismatched_checksum of (csum_t * string)
+
+let string_of_csum_t = function
+ | SHA256 _ -> "sha256"
+ | SHA512 _ -> "sha512"
+
+let string_of_csum = function
+ | SHA256 c -> c
+ | SHA512 c -> c
+
+let verify_checksum csum filename + let prog, csum_ref + match csum with
+ | SHA256 c -> "sha256sum", c
+ | SHA512 c -> "sha512sum", c
+ in
+
+ let cmd = sprintf "%s %s" prog (Filename.quote filename) in
+ let lines = external_command cmd in
+ match lines with
+ | [] ->
+ error (f_"%s did not return any output") prog
+ | line :: _ ->
+ let csum_actual = fst (String.split " " line) in
+ if csum_ref <> csum_actual then
+ raise (Mismatched_checksum (csum, csum_actual))
+
+let verify_checksums checksums filename + List.iter (fun c ->
verify_checksum c filename) checksums
diff --git a/mllib/checksums.mli b/mllib/checksums.mli
new file mode 100644
index 0000000..202bdd1
--- /dev/null
+++ b/mllib/checksums.mli
@@ -0,0 +1,35 @@
+(* virt-builder
+ * Copyright (C) 2015 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *)
+
+type csum_t +| SHA256 of string
+| SHA512 of string
+
+exception Mismatched_checksum of (csum_t * string) (* expected checksum, got *)
+
+val verify_checksum : csum_t -> string -> unit
+(** Verify the checksum of the file. *)
+
+val verify_checksums : csum_t list -> string -> unit
+(** Verify all the checksums of the file. *)
+
+val string_of_csum_t : csum_t -> string
+(** Return a string representation of the checksum type. *)
+
+val string_of_csum : csum_t -> string
+(** Return a string representation of the checksum value. *)
--
2.7.4
Pino Toscano
2016-Sep-30 09:31 UTC
[Libguestfs] [PATCH 2/4] mllib, builder: add and use Checksums.of_string
Add a simple way to turn a combination of checksum type and value into a
csum_t. Use it in builder, even if still constrained.
---
builder/simplestreams_parser.ml | 8 ++++++--
mllib/checksums.ml | 6 ++++++
mllib/checksums.mli | 6 ++++++
3 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/builder/simplestreams_parser.ml b/builder/simplestreams_parser.ml
index 13e0b5d..f7682cd 100644
--- a/builder/simplestreams_parser.ml
+++ b/builder/simplestreams_parser.ml
@@ -156,8 +156,12 @@ let get_index ~downloader ~sigchecker
let checksums let checksums =
object_find_objects (
function
- | ("sha256", Yajl_string c) -> Some
(Checksums.SHA256 c)
- | ("sha512", Yajl_string c) -> Some
(Checksums.SHA512 c)
+ (* Since this catches all the keys, and not just
+ * the ones related to checksums, explicitly filter
+ * the supported checksums.
+ *)
+ | ("sha256"|"sha512" as t, Yajl_string c)
->
+ Some (Checksums.of_string t c)
| _ -> None
) disk_item in
match checksums with
diff --git a/mllib/checksums.ml b/mllib/checksums.ml
index 918a1c2..014e73e 100644
--- a/mllib/checksums.ml
+++ b/mllib/checksums.ml
@@ -35,6 +35,12 @@ let string_of_csum = function
| SHA256 c -> c
| SHA512 c -> c
+let of_string csum_type csum_value + match String.lowercase_ascii csum_type
with
+ | "sha256" -> SHA256 csum_value
+ | "sha512" -> SHA512 csum_value
+ | _ -> invalid_arg csum_type
+
let verify_checksum csum filename let prog, csum_ref match csum with
diff --git a/mllib/checksums.mli b/mllib/checksums.mli
index 202bdd1..298d7df 100644
--- a/mllib/checksums.mli
+++ b/mllib/checksums.mli
@@ -22,6 +22,12 @@ type csum_t
exception Mismatched_checksum of (csum_t * string) (* expected checksum, got *)
+val of_string : string -> string -> csum_t
+(** [of_string type value] returns the [csum_t] for the specified
+ combination of checksum type and checksum value.
+
+ Raise [Invalid_argument] if the checksum type is not known. *)
+
val verify_checksum : csum_t -> string -> unit
(** Verify the checksum of the file. *)
--
2.7.4
Pino Toscano
2016-Sep-30 09:31 UTC
[Libguestfs] [PATCH 3/4] mllib: add SHA1 support in Checksums
This way Checksums can be used in v2v.
---
mllib/checksums.ml | 5 +++++
mllib/checksums.mli | 1 +
2 files changed, 6 insertions(+)
diff --git a/mllib/checksums.ml b/mllib/checksums.ml
index 014e73e..dfa8c3a 100644
--- a/mllib/checksums.ml
+++ b/mllib/checksums.ml
@@ -22,21 +22,25 @@ open Common_utils
open Printf
type csum_t +| SHA1 of string
| SHA256 of string
| SHA512 of string
exception Mismatched_checksum of (csum_t * string)
let string_of_csum_t = function
+ | SHA1 _ -> "sha1"
| SHA256 _ -> "sha256"
| SHA512 _ -> "sha512"
let string_of_csum = function
+ | SHA1 c -> c
| SHA256 c -> c
| SHA512 c -> c
let of_string csum_type csum_value match String.lowercase_ascii csum_type
with
+ | "sha1" -> SHA1 csum_value
| "sha256" -> SHA256 csum_value
| "sha512" -> SHA512 csum_value
| _ -> invalid_arg csum_type
@@ -44,6 +48,7 @@ let of_string csum_type csum_value let verify_checksum csum
filename let prog, csum_ref match csum with
+ | SHA1 c -> "sha1sum", c
| SHA256 c -> "sha256sum", c
| SHA512 c -> "sha512sum", c
in
diff --git a/mllib/checksums.mli b/mllib/checksums.mli
index 298d7df..0074837 100644
--- a/mllib/checksums.mli
+++ b/mllib/checksums.mli
@@ -17,6 +17,7 @@
*)
type csum_t +| SHA1 of string
| SHA256 of string
| SHA512 of string
--
2.7.4
Make use of the Checksums module to ease the verification of the SHA1
checksums in manifests.
---
v2v/input_ova.ml | 17 +++++------------
1 file changed, 5 insertions(+), 12 deletions(-)
diff --git a/v2v/input_ova.ml b/v2v/input_ova.ml
index 4f848e2..5731a45 100644
--- a/v2v/input_ova.ml
+++ b/v2v/input_ova.ml
@@ -143,18 +143,11 @@ object
if Str.string_match rex line 0 then (
let disk = Str.matched_group 1 line in
let expected = Str.matched_group 2 line in
- let cmd = sprintf "sha1sum %s" (quote (mf_folder //
disk)) in
- let out = external_command cmd in
- match out with
- | [] ->
- error (f_"no output from sha1sum command, see previous
errors")
- | [line] ->
- let actual, _ = String.split " " line in
- if actual <> expected then
- error (f_"checksum of disk %s does not match manifest %s
(actual sha1(%s) = %s, expected sha1 (%s) = %s)")
- disk mf disk actual disk expected;
- debug "sha1 of %s matches expected checksum %s" disk
expected
- | _::_ -> error (f_"cannot parse output of sha1sum
command")
+ let csum = Checksums.SHA1 expected in
+ try Checksums.verify_checksum csum (mf_folder // disk)
+ with Checksums.Mismatched_checksum (_, actual) ->
+ error (f_"checksum of disk %s does not match manifest %s
(actual sha1(%s) = %s, expected sha1 (%s) = %s)")
+ disk mf disk actual disk expected;
)
in
(try loop () with End_of_file -> ());
--
2.7.4
Richard W.M. Jones
2016-Oct-03 08:12 UTC
Re: [Libguestfs] [PATCH 1/4] mllib: move Checksums from builder
On Fri, Sep 30, 2016 at 11:30:59AM +0200, Pino Toscano wrote:> Move the Checksums module from virt-builder mostly as it is; the only > change is that on checksum mismatch an exception is raised rather than > invoking "error" directly: this way users of verify_checksum & > verify_checksums can do their own handling of the situation. > --- > builder/Makefile.am | 2 -- > builder/builder.ml | 6 +++++- > builder/checksums.ml | 57 --------------------------------------------------- > builder/checksums.mli | 33 ----------------------------- > mllib/Makefile.am | 4 +++- > mllib/checksums.ml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++ > mllib/checksums.mli | 35 +++++++++++++++++++++++++++++++ > 7 files changed, 99 insertions(+), 94 deletions(-) > delete mode 100644 builder/checksums.ml > delete mode 100644 builder/checksums.mli > create mode 100644 mllib/checksums.ml > create mode 100644 mllib/checksums.mli > > diff --git a/builder/Makefile.am b/builder/Makefile.am > index 7983223..5977d8b 100644 > --- a/builder/Makefile.am > +++ b/builder/Makefile.am > @@ -44,7 +44,6 @@ SOURCES_MLI = \ > cache.mli \ > cmdline.mli \ > downloader.mli \ > - checksums.mli \ > index.mli \ > index_parser.mli \ > ini_reader.mli \ > @@ -61,7 +60,6 @@ SOURCES_ML = \ > utils.ml \ > pxzcat.ml \ > setlocale.ml \ > - checksums.ml \ > index.ml \ > ini_reader.ml \ > yajl.ml \ > diff --git a/builder/builder.ml b/builder/builder.ml > index fdbe659..799208a 100644 > --- a/builder/builder.ml > +++ b/builder/builder.ml > @@ -307,7 +307,11 @@ let main () > match entry with > (* New-style: Using a checksum. *) > | { Index.checksums = Some csums } -> > - Checksums.verify_checksums csums template > + (try Checksums.verify_checksums csums template > + with Checksums.Mismatched_checksum (csum, csum_actual) -> > + error (f_"%s checksum of template did not match the expected checksum!\n found checksum: %s\n expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!") > + (Checksums.string_of_csum_t csum) csum_actual (Checksums.string_of_csum csum) > + ) > > | { Index.checksums = None } -> > (* Old-style: detached signature. *) > diff --git a/builder/checksums.ml b/builder/checksums.ml > deleted file mode 100644 > index c8cdc98..0000000 > --- a/builder/checksums.ml > +++ /dev/null > @@ -1,57 +0,0 @@ > -(* virt-builder > - * Copyright (C) 2015 Red Hat Inc. > - * > - * This program is free software; you can redistribute it and/or modify > - * it under the terms of the GNU General Public License as published by > - * the Free Software Foundation; either version 2 of the License, or > - * (at your option) any later version. > - * > - * This program is distributed in the hope that it will be useful, > - * but WITHOUT ANY WARRANTY; without even the implied warranty of > - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > - * GNU General Public License for more details. > - * > - * You should have received a copy of the GNU General Public License along > - * with this program; if not, write to the Free Software Foundation, Inc., > - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > - *) > - > -open Common_gettext.Gettext > -open Common_utils > - > -open Utils > - > -open Printf > - > -type csum_t > -| SHA256 of string > -| SHA512 of string > - > -let string_of_csum_t = function > - | SHA256 _ -> "sha256" > - | SHA512 _ -> "sha512" > - > -let string_of_csum = function > - | SHA256 c -> c > - | SHA512 c -> c > - > -let verify_checksum csum filename > - let prog, csum_ref > - match csum with > - | SHA256 c -> "sha256sum", c > - | SHA512 c -> "sha512sum", c > - in > - > - let cmd = sprintf "%s %s" prog (quote filename) in > - let lines = external_command cmd in > - match lines with > - | [] -> > - error (f_"%s did not return any output") prog > - | line :: _ -> > - let csum_actual = fst (String.split " " line) in > - if csum_ref <> csum_actual then > - error (f_"%s checksum of template did not match the expected checksum!\n found checksum: %s\n expected checksum: %s\nTry:\n - Use the '-v' option and look for earlier error messages.\n - Delete the cache: virt-builder --delete-cache\n - Check no one has tampered with the website or your network!") > - (string_of_csum_t csum) csum_actual csum_ref > - > -let verify_checksums checksums filename > - List.iter (fun c -> verify_checksum c filename) checksums > diff --git a/builder/checksums.mli b/builder/checksums.mli > deleted file mode 100644 > index ef26634..0000000 > --- a/builder/checksums.mli > +++ /dev/null > @@ -1,33 +0,0 @@ > -(* virt-builder > - * Copyright (C) 2015 Red Hat Inc. > - * > - * This program is free software; you can redistribute it and/or modify > - * it under the terms of the GNU General Public License as published by > - * the Free Software Foundation; either version 2 of the License, or > - * (at your option) any later version. > - * > - * This program is distributed in the hope that it will be useful, > - * but WITHOUT ANY WARRANTY; without even the implied warranty of > - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > - * GNU General Public License for more details. > - * > - * You should have received a copy of the GNU General Public License along > - * with this program; if not, write to the Free Software Foundation, Inc., > - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > - *) > - > -type csum_t > -| SHA256 of string > -| SHA512 of string > - > -val verify_checksum : csum_t -> string -> unit > -(** Verify the checksum of the file. *) > - > -val verify_checksums : csum_t list -> string -> unit > -(** Verify all the checksums of the file. *) > - > -val string_of_csum_t : csum_t -> string > -(** Return a string representation of the checksum type. *) > - > -val string_of_csum : csum_t -> string > -(** Return a string representation of the checksum value. *) > diff --git a/mllib/Makefile.am b/mllib/Makefile.am > index 489529a..f100b2f 100644 > --- a/mllib/Makefile.am > +++ b/mllib/Makefile.am > @@ -27,6 +27,7 @@ EXTRA_DIST = \ > test-getopt.sh > > SOURCES_MLI = \ > + checksums.mli \ > common_utils.mli \ > curl.mli \ > dev_t.mli \ > @@ -60,7 +61,8 @@ SOURCES_ML = \ > StatVFS.ml \ > JSON.ml \ > curl.ml \ > - exit.ml > + exit.ml \ > + checksums.ml > > SOURCES_C = \ > ../fish/decrypt.c \ > diff --git a/mllib/checksums.ml b/mllib/checksums.ml > new file mode 100644 > index 0000000..918a1c2 > --- /dev/null > +++ b/mllib/checksums.ml > @@ -0,0 +1,56 @@ > +(* virt-builder > + * Copyright (C) 2015 Red Hat Inc. > + * > + * This program is free software; you can redistribute it and/or modify > + * it under the terms of the GNU General Public License as published by > + * the Free Software Foundation; either version 2 of the License, or > + * (at your option) any later version. > + * > + * This program is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License along > + * with this program; if not, write to the Free Software Foundation, Inc., > + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > + *) > + > +open Common_gettext.Gettext > +open Common_utils > + > +open Printf > + > +type csum_t > +| SHA256 of string > +| SHA512 of string > + > +exception Mismatched_checksum of (csum_t * string) > + > +let string_of_csum_t = function > + | SHA256 _ -> "sha256" > + | SHA512 _ -> "sha512" > + > +let string_of_csum = function > + | SHA256 c -> c > + | SHA512 c -> c > + > +let verify_checksum csum filename > + let prog, csum_ref > + match csum with > + | SHA256 c -> "sha256sum", c > + | SHA512 c -> "sha512sum", c > + in > + > + let cmd = sprintf "%s %s" prog (Filename.quote filename) in > + let lines = external_command cmd in > + match lines with > + | [] -> > + error (f_"%s did not return any output") prog > + | line :: _ -> > + let csum_actual = fst (String.split " " line) in > + if csum_ref <> csum_actual then > + raise (Mismatched_checksum (csum, csum_actual)) > + > +let verify_checksums checksums filename > + List.iter (fun c -> verify_checksum c filename) checksums > diff --git a/mllib/checksums.mli b/mllib/checksums.mli > new file mode 100644 > index 0000000..202bdd1 > --- /dev/null > +++ b/mllib/checksums.mli > @@ -0,0 +1,35 @@ > +(* virt-builder > + * Copyright (C) 2015 Red Hat Inc. > + * > + * This program is free software; you can redistribute it and/or modify > + * it under the terms of the GNU General Public License as published by > + * the Free Software Foundation; either version 2 of the License, or > + * (at your option) any later version. > + * > + * This program is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License along > + * with this program; if not, write to the Free Software Foundation, Inc., > + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > + *) > + > +type csum_t > +| SHA256 of string > +| SHA512 of string > + > +exception Mismatched_checksum of (csum_t * string) (* expected checksum, got *) > + > +val verify_checksum : csum_t -> string -> unit > +(** Verify the checksum of the file. *) > + > +val verify_checksums : csum_t list -> string -> unit > +(** Verify all the checksums of the file. *) > + > +val string_of_csum_t : csum_t -> string > +(** Return a string representation of the checksum type. *) > + > +val string_of_csum : csum_t -> string > +(** Return a string representation of the checksum value. *) > -- > 2.7.4ACK. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder quickly builds VMs from scratch http://libguestfs.org/virt-builder.1.html
Richard W.M. Jones
2016-Oct-03 08:40 UTC
Re: [Libguestfs] [PATCH 4/4] v2v: -i ova: use Checksums
On Fri, Sep 30, 2016 at 11:31:02AM +0200, Pino Toscano wrote:> Make use of the Checksums module to ease the verification of the SHA1 > checksums in manifests. > --- > v2v/input_ova.ml | 17 +++++------------ > 1 file changed, 5 insertions(+), 12 deletions(-) > > diff --git a/v2v/input_ova.ml b/v2v/input_ova.ml > index 4f848e2..5731a45 100644 > --- a/v2v/input_ova.ml > +++ b/v2v/input_ova.ml > @@ -143,18 +143,11 @@ object > if Str.string_match rex line 0 then ( > let disk = Str.matched_group 1 line in > let expected = Str.matched_group 2 line in > - let cmd = sprintf "sha1sum %s" (quote (mf_folder // disk)) in > - let out = external_command cmd in > - match out with > - | [] -> > - error (f_"no output from sha1sum command, see previous errors") > - | [line] -> > - let actual, _ = String.split " " line in > - if actual <> expected then > - error (f_"checksum of disk %s does not match manifest %s (actual sha1(%s) = %s, expected sha1 (%s) = %s)") > - disk mf disk actual disk expected; > - debug "sha1 of %s matches expected checksum %s" disk expected > - | _::_ -> error (f_"cannot parse output of sha1sum command") > + let csum = Checksums.SHA1 expected in > + try Checksums.verify_checksum csum (mf_folder // disk) > + with Checksums.Mismatched_checksum (_, actual) -> > + error (f_"checksum of disk %s does not match manifest %s (actual sha1(%s) = %s, expected sha1 (%s) = %s)") > + disk mf disk actual disk expected; > ) > in > (try loop () with End_of_file -> ());ACK series. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows. http://people.redhat.com/~rjones/virt-df/
Seemingly Similar Threads
- Re: [PATCH v2 1/7] mllib: factorize code to add Checksum.get_checksum function
- [PATCH 0/3] v2v: Miscellaneous refactoring and fixes.
- [PATCH 00/10] RFC: builder: first support for Simple Streams metadata
- [PATCH v2 0/7] Introducing virt-builder-repository
- [PATCH v2 0/9] v2v: -i ova: Handle OVAs containing snapshots.